End user
and processor
agreements.

See our resources section to download the processor agreement for your records.

END USER AGREEMENT & PROCESSOR AGREEMENT

Revised On: March 22nd, 2016

END USER AGREEMENT

The terms and conditions of this end user agreement apply to Your use of the App and the Services.

1. Definitions

1.1. In these end user agreement, the following terms shall have the meanings set out below unless the context requires otherwise:

Account: Your account created via the App;

App: the app provided by Siilo that You purchase, use or intend to use;

Services: all services made available by Siilo, including but not limited to, services accessed through the App and storage of User Generated Content on Siilo’s servers;

Siilo: Siilo Holding B.V., Keizersgracht 585, 1017 DR Amsterdam, the Netherlands, its respective group company that offers and/or provide the App and/or the Services or another company that uses this end user agreement;

User Generated Content: communications, materials, information, data, opinions, photos, profiles, messages, notes, website links, text information, music, videos, designs, graphics, sounds, and any other content that You post or otherwise make available on or through the App or the Services or store on the same;

You/Your: you, being the user of the App and/or the Services, and your, as in the possessive pronoun of all that relates to you

2. Applicability

2.1. Your use of the App and the Services is subject to the terms and conditions set forth in this end user agreement. If you have not yet concluded this end user agreement, you conclude it either by using or by accessing the App or the Services or any parts thereof. Such use and/or accessing constitute Your consent to and acceptance of this end user agreement. If You do not accept this end user agreement unconditionally in full, do not install, use or access the App or the Services and immediately delete the App should you have already installed it.

2.2. If You are a consumer you are not allowed to use the App or the Services and you must immediately terminate such use and delete the App.

2.3. Siilo is entitled to amend this end user agreement from time to time. If You do not accept such amendments, You must notify Siilo thereof in writing within four weeks after the date on which You have been informed of such amendments. Following such notification, Siilo may, in its sole discretion, decide to terminate the agreement with You (and reimburse You proportionally should you have paid a fee for a term that is not yet finished) or to continue such agreement under the former version thereof. If you do not notify Siilo timely of your non-acceptance, you will be unconditionally bound to the amended end user agreement.

3. License

3.1. The App and any software used to deliver the Services are licensed, not sold, assigned or transferred. Siilo grants You a personal, non-exclusive license to install and use the App and the Services as provided by or on behalf of Siilo, as set forth in this end user agreement. . All rights to use the App and the Services are limited to professional use.

3.2. The rights granted herein are subject to Your continuous compliance with this end user agreement. Without prejudice to any other rights and remedies Siilo may have hereunder, any non-compliance entitles Siilo to deny You further use of the App and/or the Services.

3.3. The license is limited to the intellectual property rights of Siilo and its licensors in the App and does not include any other rights.

3.4. All rights not expressly granted to You herein are reserved by Siilo. Siilo retains all its rights, titles and interest in and to the App and the Services, including, but not limited to, all copyrights, trademarks, trade secrets, trade names, proprietary rights, patents, titles, computer codes, audiovisual effects, themes, characters, character names, stories, dialog, settings, artwork, sound effects, musical works, and moral rights whether registered or not and all applications thereof.

3.5. Unless insofar expressly authorized by mandatory applicable legislation, You will not, without prior written consent from Siilo or as set forth herein otherwise: (i) commercially exploit the App or the Services other than using it as it clearly is intended; (ii) distribute, lease, license, sell, rent, lend, convey or otherwise transfer or assign the App and the Services, any copies thereof, or any passwords or usernames of the App and the Services, (iii) copy, reproduce or distribute the App in any manner or medium, in whole or in part, or decompile, disassemble, or reverse engineer the App by any means whatsoever; (iv) make the App publicly available or available on a network for use or download by multiple users; (v) use or install the App (or permit others to do same) on a network, for on-line use, (vi) remove, alter, or obscure any product identification, copyright, intellectual property, author attributions, legal notices or other labels of the origin or source in the App, (vii) alter, modify, enhance, or create a derivative work of the App.

4. Warranties, liability and indemnity

4.1. Your use of the App and the Services is at Your own account and risk. You are responsible for any and all use of the App and the Services, as well as for the integrity of the password and other identifying means in respect of Your Account. You shall keep Your username and password secure and not allow anyone else to use Your username or password to access the App or the Services.

4.2. Siilo is neither responsible nor liable for any loss that results from the unauthorized use, with or without Your knowledge, of Your username, password and/or other identifying means.

4.3. You agree and warrant that Your use of the App and Services, and Your User Generated Content, will not infringe upon any and all rights of third parties, including but not limited to intellectual property rights, moral rights and privacy rights and, more specific, that such use will always be in conformity with all applicable laws and regulations and with the professional standards in respect of data protection and confidentiality.

4.4. You hereby agree to defend, indemnify and hold harmless Siilo and the parties involved by Siilo for providing the App and the Services to You from and against all damage, claims, costs, charges and expenses (including attorneys’ fees) arising out of Your use of the App and the Services.

4.5. You must notify Siilo immediately in the event You become aware of any access to or usage of the App and the Services of User Generated Content by third parties under Your Account that You did not authorize, or any other possible breach in security.

4.6. Siilo cannot guarantee that the App and the Services will always be available or will always work without any interruptions, errors or defects, or that the information provided on the App and the Services is complete, correct and/or up-to-date.

4.7. The App and the Services are provided to You ‘as is’ and might contain defects. They are provided without warranty of any kind, without performance assurances or guarantees of any kind, and Your use is at Your sole risk. Siilo, Siilo’s licensors and affiliated parties do not make, and disclaim, any and all express or implied warranties, including implied warranties of condition, error-free or uninterrupted use, accuracy of data, merchantability, compatibility, interoperability, satisfactory quality, fitness for a particular purpose, non-infringement of third party rights or that any errors or defects in the App and/or the Services will be corrected.

4.8. Siilo at all times has the right, but can never be obliged, to update, to upgrade and/or to adapt the App and/or the Services, to change or remove data or information stored on the App or the Services.

4.9. Siilo may agree to maintain certain service levels. Demanding fulfillment of Siilio’s obligations out of such further agreement shall be Your only right and remedy in the event of an error, defect, unavailability or other technical shortcoming of the App and/or the Services.

4.10. Siilo, Siilo’s licensors or affiliated parties will not be liable for any special, incidental, consequential or exemplary damages, including but not limited to loss of opportunity or lost profits, loss of goodwill, property damage, computer failure or malfunction and, to the extent permitted by law, damages for personal injuries, or other damage or losses from any causes of action, arising out of or related to the License or the App or the Services, including the possession, access, use or malfunction of the App or the Services, whether arising in tort (including negligence), contract, strict liability or otherwise and whether or not Siilo, Siilo’s Licensors or affiliated parties have been advised of the possibility of such damages.

4.11. In no event shall Siilo, Siilo’s licensors’ or and affiliated parties’ total liability exceed the actual price paid by You for the use of the App and Services. In the event You pay a recurring users fee, such liability is limited to the fee in respect of the period in which the cause of the liability occurred. Only in the event of gross negligent or willful misconduct of Siilo’s management team, no limitation to Siilo’s liability shall apply. The limitation of liability in this clause applies for all of Siilo’s and the other parties’ liability regardless of its origin. It applies to contractual as well as to non-contractual liability.

5. Term and termination

5.1. Unless set out otherwise by Siilo, the term of Your License shall commence on the date that You start to download, install or otherwise use the App and/or Services, and shall end on the earlier of: (i) the date that the term set by Siilo terminates and (iii) the date that You dispose of the App and/or Services, (iv) Your attempt to circumvent any technical protection measures used in connection with the App and/or Services; (v) Your use of the App and/or Services in breach of this end user agreement otherwise; or (vi) Siilo's termination of the License.

5.2. Without limiting Siilo’s statutory rights to terminate or Siilo’s other rights and remedies, Siilo is authorized to suspend the fulfilment of the obligations or to dissolve the License with You without incurring any liability for compensation in the event:

a) That You fail to fulfil Your obligations to Siilo, whether partly or in full;

b) Siilo finds out you do not use the App and/or the Services in accordance with professional standards;

c) Siilo receives complaints in respect of Your use of the App and/or the Services;

d) That Siilo becomes aware of circumstances that constitute valid grounds to expect that You will not timely fulfil Your total obligations;

e) That You were requested to furnish security for the fulfilment of Your obligations to Siilo and this security is not adequately furnished;

f) Of circumstances whose nature precludes that Siilo can be required to fulfil its obligations according to standards of reasonableness and fairness, or in the event of other circumstances whose nature precludes that Siilo may be reasonably expected to maintain its obligations without alteration.

5.3. In case Siilo determines that complaints in respect of Your behavior are incorrect or should not lead to further suspension of Your use of the App and/or the Services, Siilo shall allow You to continue the App and the Services. Under no circumstances Siilo shall become liable in any way if false complaints or wrong judgment of Your behavior, leads to suspension of Your use of the App and/or the Services.

5.4. Promptly upon termination, You must cease all use of the App and Services and remove and destroy all copies of the App in Your possession or control.

6. Privacy

6.1. By installing, using or accessing the App or the Services or any parts thereof, You accept the terms of Siilo's privacy policy as amended from time to time, which is available at www.siilo.com. Siilo’s privacy policy defines how, why and to which extent Siilo collects and uses personal data in relation to Siilo's products and services.

6.2. For personal data in User Generated Content Siilo is the processor and either You are, or your employer or the organization You work for is, the controller under the Dutch Data Protection Act (Wet bescherming persoonsgegevens). In the event that You are the controller You (as controller) and Siilo (as processor) hereby enter into the Data Processor Agreement attached to this end user agreement as Annex 1.

7. Survival and severability

7.1. Any provisions in this end user agreement, which by their nature extend beyond the termination or expiration of any license under this end user agreement, will remain in effect after such termination.

7.2. If any provision of this end user agreement is deemed to be void, invalid, unenforceable or illegal, the other provisions shall continue in full force and effect. In case of any such invalid provisions, Siilo will replace such invalid provisions.

8. Questions and suggestions

8.1. Should You have any questions or suggestions concerning Your use of the App, the Services or this end user agreement, You can contact Siilo via info@siilo.com.

9. Governing law and competent court

9.1. This end user agreement is governed by and construed in accordance with the laws of the Netherlands.

9.2. The United Nations Convention for the International Sale of Goods (CISG) does not apply.

9.3. Any disputes regarding this end user agreement and/or the use of the App or the Services that cannot be settled amicably will be submitted to the relevant court at Amsterdam.

10. Version

10.1. This version of the end user agreement is dated 22 March 2016

--------------------------------------------------------------------

Revised On: May 24th, 2018

PROCESSOR AGREEMENT

This Processor Agreement is an agreement between the user of the Apps and Services (hereafter: ‘Controller’) and Siilo Holding B.V., a company incorporated under the laws of the Netherlands, having its office at Keizersgracht 585, 1072 DR Amsterdam, The Netherlands, or any of its subsidiaries (hereafter: ‘Processor’), and effective as from 24 May 2018.

Considerations:

a. Controller is either himself or herself user of the Apps and Services or one or more users of the Apps and Services belong to Controller’s organization.

b. Controller and Processor concluded a License Agreement (hereafter: ‘LA’) regarding the use of the Apps and Services.

c. In the context of the LA Processor processes personal data for which Controller is controller and Processor is processor within the meaning of the General Data Protection Regulation (Regulation (EU) 2016/679) (hereafter: ‘GDPR’).

d. Processing by Processor is limited to sending of Personal Data between the devices of users of the Apps and Services or (temporarily) storing it on servers of Processor.

e. Having regard to the provisions in article 28 GDPR, Controller and Processor want to define the terms under which the personal data will be processed.

Agreement:

1. Definitions

1.1. In the Processor Agreement the definitions of the LA apply. In addition, the following words shall have the meaning as defined in art. 4 GDPR: Controller, Supervisory Authority, Data Subject, Personal Data, Personal Data Breach, Processing, Processor, Third Party. In addition, the following definitions apply:

Apps: the software, provided by Processor and/ or its group companies, installed on the device(s) of Controller or of its employees and other persons that belong to Controller’s organization, or which is remotely accessible through a browser connected to the internet which Controller or persons that belong to Controller’s organization purchases, uses or intends to use under the LA;

Processor Agreement: this Processor Agreement;

Services: all services made available by Processor and its respective group companies, including but not limited to, services accessed through the Apps and storage of user generated content on Processor’s servers or on those of its respective group companies;

Subprocessor: the party engaged as processor by Processor for the Processing of Personal Data under this Processor Agreement and the LA.

2. Subject and instruction

2.1. This Processor Agreement is entered into with the conclusion of the LA between Parties.

2.2. Controller hereby instructs Processor to Process Personal Data in the context of the LA.

2.3. To avoid misunderstanding: Personal Data stored on the devices of Controller or a third party is under the control of Controller or such third party and is not part (or, as the case may be, is not part anymore) of the Processing by Processor even in the event such Personal Data have been transferred through the Apps or is stored in the Apps.

2.4. It is the Controller’s responsibility that Personal Data is only shared with other users of the Apps and Services that are also authorized Controllers of the Personal Data.

2.5. The types of Personal Data to be Processed and the categories of Data Subjects involved are described in Annex I to this Processor Agreement.

2.6. Controller has and maintains full control over the Personal Data. This is self-evident if such data are stored on the users’ devices. Also when the data are stored by Processor, Controller has full control over all of his data.

2.7. Processor Processes the Personal Data in a proper manner and with due care.

2.8. Processor will Process the Personal Data only in accordance with Controller’s instructions, in compliance with the nature and purpose of the Processing determined by Controller and in accordance with retention periods determined by Controller, as set out in Annex I to this Processor Agreement. If Processor is required by law to Process Personal Data, Processor shall inform Controller of that legal requirement before Processing, unless the law prohibits such information on important grounds of public interest.

2.9. Controller warrants that his instructions to Processor lead to Processing by Processor in compliance with all applicable laws and regulations.

2.10. This Processing Agreement does not apply to Personal Data of Controller (e.g. contact information, e-mail address, phone numbers, bank accounts, credit information etc.) that Processor and its group companies process as controller.

2.11. In the event of users that belong to Controller’s organization, this Data Processing agreement also applies to the Personal Data of such users with the exception of such Personal Data that Processor and its group companies need to determine any fee, to conclude and execute LA’s and Service Level Agreements (if any) and/or any other agreement between the parties, to defend itself in any legal proceedings and in as far such processing is required under the applicable law. For such Personal Data Processor shall be controller.

3.2. Processor will of his own accord provide Controller with all information concerning any Personal Data Breach, including the nature of the Personal Data involved, the amount of Personal Data and the number of Data Subjects involved, and the measures taken.

3.3. Processor shall assist Controller in ensuring Controller’s compliance with the obligations pursuant to article 33 GDPR (Notification of a personal data breach to the supervisory authority) and article 34 GDPR (Communication of a personal data breach to the data subject), taking into account the nature of Processing and the information available to the Processor. It is up to Controller to determine whether a Personal Data Breach is shall be notified to the Supervisory Authority or communicated to the Data Subject(s) by Controller.

4. Confidentiality

4.1. All Personal Data stored on and transferred by the Apps and the Services is end-to-end encrypted and non-readable for Processor.

4.2. Processor shall ensure that persons authorised to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. Processor shall ensure that Personal Data is not directly or indirectly (made) available to Third Parties. Third Parties include staff of Processor in as far as such staff does not need to access Personal Data in the context of this Processor Agreement. The above does not apply if this Processor Agreement dictates otherwise, or in case of disclosure mandated by law or court ruling.

4.3. Processor will notify Controller immediately of any request for inspection, provision or other form of enquiry and provision of Personal Data in breach of the confidentiality obligations contained in this article.

5.3. Controller shall at all times have the right, in consultation with Processor and subject to a reasonable period of time, at Controller’s own expense, to have the technical and organizational security measures by Processor verified by an independent registered EDP auditor. Parties may determine by agreement that the audit is performed by a certified and independent auditor hired by Processor who will issue a third party statement. Controller will be informed of the outcome of the audit. Controller and Processor shall keep all results of audits based on this article 5.3 strictly confidential.

6. Rights of data subjects

6.1. Taking into account the nature of the Processing, Processor shall assist Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Controller's obligation to respond to requests for exercising the Data Subject's rights laid down in articles 12 to 23 GDPR (Rights of the data subject). Parties will discuss in good faith the reasonable allocation of the costs involved

6.2. Any complaint or request from a Data Subject regarding the Processing of Personal Data is forwarded without delay by Processor to Controller. Controller is responsible for handling the request.

7. Subprocessors

7.1. Processor is entitled to engage Subprocessors. Processor will provide Controller with a list of all Subprocessors when requested. Processor shall inform Controller of any intended changes concerning the addition or replacement of Subprocessors. Controller has the right to object on reasonable grounds to such changes. In the event Controller does object to such changes, Processor may terminate the LA without becoming liable in any way towards Controller. The group companies of Processor that provide (part) of the Services are deemed to belong to Processor’s organization. In as far Processor or a Supervisory Authority shall conclude that such group companies are subprocessors, Controller hereby approves to all subprocessing by Processor’s current group companies and by any future group company over which Processor holds control.

7.2. When Processor engages a Subprocessor for carrying out specific Processing on behalf of Controller, the same data protection obligations as set out in this Processor Agreement shall be imposed on that Subprocessor by way of an agreement, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of the GDPR.

7.3. Processor shall require each Subprocessor by contract not to Process Personal Data outside the context of this Processor Agreement.

8. Processing outside the EEA

8.1. Parties shall ensure that, to the extent that Personal Data are processed outside the European Economic Area, such Processing shall conform to the requirements of the GDPR.

9. Retention and destruction of personal data

9.1. Controller has the option to delete or export such (Personal) Data on or from its devices and account. Processor’s systems will, following a delete action by Controller using the Apps or Services, delete all (Personal) Data that is still stored on Controller’s systems, save for any customary retention or backup periods that Processor applies. Personal Data sent to other users of the apps are under the control of those users and are not part of any deletion such as described above.

9.2. Controller shall establish all retention periods and ensure that they are observed by deleting the respective Personal Data.

9.3. After the Processor Agreement ends, Processor will take all necessary actions to delete all Personal Data from its systems within fifteen days, save for any customary retention or backup periods that Processor applies, and will ensure that all the associated Personal Data processed by its Subprocessors shall be destroyed except if further storage of Personal Data is required by law.

10. Liability

10.1. Processor shall only be liable under this Processor Agreement as detailed in the LA. The limitation of liability under the LA applies to Processor’s liability hereunder too. Regarding each event or events that may give rise to any liability of Processor hereunder, the maximum amount for which Processor shall be liable, together with the maximum amount for which Processor shall be liable under the LA together with the maximum amount for which Processor shall be liable for any other reason (e.g. an unlawful act), shall never exceed the maximum amount or amounts for which Processor shall be liable under the LA.

11. Other

11.1. Processor is entitled to change and amend this Processor Agreement to reflect e.g. developments in jurisprudence, changed regulations, best practices published by the Supervisory Authorities and the like. Processor shall inform Controller of such changes and amendments before such new version becomes effective. In the event such new version shall materially negatively affect Controller’s position, Controller shall be entitled to refuse the new version. In that event the LA between Controller and Processor shall end.

11.2. This Processor Agreement remains in force as long as the LA is in force between Parties and ends when the LA ends. The provisions of this Processor Agreement remain in force to the extent necessary for the settlement of the Processor Agreement, and insofar as they are intended to survive its termination. These include, without limitation, the provisions relating to confidentiality and conflicts.

11.3. This Processor Agreement is not transferable by either Party without the written consent of the other Party. However, no consent is required in case of transfer by Processor to a subsidiary or sister company of Processor.

11.4. This Processor Agreement supersedes all other agreements between Controller and Processor.

11.5. This Processor Agreement is governed exclusively by Dutch law.

11.6. Parties will exclusively submit their disputes related to this Processor Agreement to the relevant court in Amsterdam.

Annex I.

The following types of Personal Data may be Processed:

o All Personal Data, including sensible and special categories of Personal Data which can be shared between devices using the Apps and the Services

o All account information stored by Controller on the servers of Processor, such as name, contact details, employer, function etc.

The following categories of Data Subjects are involved:

o Patients

o Persons that are either the data controller or belong to the Data Controller’s organization.

The nature and purposes of the Processing:

The processing consists of the encrypted sending and storing of Personal Data uploaded to and sent by or on behalf of Controller or users that belong to Controller’s organization through the Apps and Services to other users. The Controller shall delete the Personal Data not needed anymore and enforce the applicable retention periods.